RFC 3161 compliant time stamp request creation, response generation

[oweals/openssl.git] / crypto / bn / bn_gcd.c

diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c
index 7496dbc3bd83b753dd12f4e52854c5bf6c27668b..f02e6fcdb422903cff18eaeba6b7ee9313dfe09f 100644 (file)
--- a/crypto/bn/bn_gcd.c
+++ b/crypto/bn/bn_gcd.c
@@ -140,6 +140,7 @@ int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
        ret=1;
 err:
        BN_CTX_end(ctx);
+       bn_check_top(r);
        return(ret);
        }
 
@@ -194,6 +195,7 @@ static BIGNUM *euclid(BIGNUM *a, BIGNUM *b)
                {
                if (!BN_lshift(a,a,shifts)) goto err;
                }
+       bn_check_top(a);
        return(a);
 err:
        return(NULL);
@@ -244,11 +246,12 @@ BIGNUM *BN_mod_inverse(BIGNUM *in,
         *      sign*Y*a  ==  A   (mod |n|).
         */
 
-       if (BN_is_odd(n) && (BN_num_bits(n) <= 400))
+       if (BN_is_odd(n) && (BN_num_bits(n) <= (BN_BITS <= 32 ? 450 : 2048)))
                {
                /* Binary inversion algorithm; requires odd modulus.
                 * This is faster than the general algorithm if the modulus
-                * is sufficiently small. */
+                * is sufficiently small (about 400 .. 500 bits on 32-bit
+                * sytems, but much more on 64-bit systems) */
                int shift;
                
                while (!BN_is_zero(B))
@@ -485,5 +488,6 @@ BIGNUM *BN_mod_inverse(BIGNUM *in,
 err:
        if ((ret == NULL) && (in == NULL)) BN_free(R);
        BN_CTX_end(ctx);
+       bn_check_top(ret);
        return(ret);
        }